DirectoryServices - NT authentication
I need to authenticate users using Windows authentication. I am using the following code to do that. But the problem with this is that after three unsuccessful attempts, it locks the user out from other applications using Directory Service, the same way as when we try to log in to a Windows machine and three consecutive wrong passwords lock the user out. Does anybody know how I can use Directory Service to make a non-blocking call upon a wrong password?

    // Requires: using System; using System.DirectoryServices; using System.Windows.Forms;

    // Read the domain's default naming context from RootDSE.
    DirectoryEntry entry = new DirectoryEntry("LDAP://RootDSE");
    String str = entry.Properties["defaultNamingContext"][0].ToString();
    MessageBox.Show(str);

    // Bind to the domain with the credentials typed by the user.
    DirectoryEntry domain = new DirectoryEntry("LDAP://" + str, txtLogin.Text, txtPassword.Text);
    try
    {
        // Accessing NativeObject forces the bind; it throws if the bind fails.
        Object native = domain.NativeObject;
        MessageBox.Show(txtLogin.Text + " Authenticated. Hurray!!!");
    }
    catch (Exception)
    {
        MessageBox.Show(txtLogin.Text + " INVALID user :-((");
    }

Thank you very much,
Ruchi
Hi Ruchi,

The administrator (hopefully you) of the AD can change the setting that "locks out accounts on X failed login attempts". This would solve your problem.

Also, you could try the Win32 LogonUser function, although I would presume that it will cause the exact same error, as your error is not an error but an AD feature.

The following code will log in a user account. The token returned can be used to make your code impersonate the specific user account, calling System.Security.Principal.WindowsIdentity.Impersonate((System.IntPtr)token), if you should ever need that. If the account is invalid, you should receive a 0 in the token returned from the function, as well as an error in the error variable.

    // Requires: using System; using System.Runtime.InteropServices;

    // The token is a Win32 HANDLE (pointer-sized), so it is marshalled as IntPtr.
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool LogonUser(string lpszUsername, string lpszDomain, string lpszPassword,
        int dwLogonType, int dwLogonProvider, out IntPtr phToken);

    public static IntPtr LogonWindowsUser(string username, string domain, string password)
    {
        IntPtr token;
        // 3 = LOGON32_LOGON_NETWORK, 0 = LOGON32_PROVIDER_DEFAULT
        bool isLoggedin = LogonUser(username, domain, password, 3, 0, out token);
        // With SetLastError = true the error is read through the marshaller;
        // P/Invoking kernel32 GetLastError directly is not reliable from managed code.
        int error = Marshal.GetLastWin32Error();
        return token;
    }

/Zalkina
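An added example, not part of either post: one way to use the "error variable" from the reply so the application can tell a wrong password from an account that the lockout policy has already locked, and stop re-submitting the password in the second case. The names `NtLogonCheck`, `LogonResult`, `Check` and `Classify` are hypothetical; the error codes are the standard Win32 values from winerror.h.

```csharp
using System;
using System.Runtime.InteropServices;

public enum LogonResult { Success, BadCredentials, LockedOut, Disabled, PasswordExpired, Other }

public static class NtLogonCheck   // hypothetical helper, not from the thread
{
    const int LOGON32_LOGON_NETWORK = 3;      // the "3" passed in the reply's code
    const int LOGON32_PROVIDER_DEFAULT = 0;   // the "0" passed in the reply's code
    const int ERROR_LOGON_FAILURE = 1326;     // unknown user or wrong password
    const int ERROR_PASSWORD_EXPIRED = 1330;
    const int ERROR_ACCOUNT_DISABLED = 1331;
    const int ERROR_PASSWORD_MUST_CHANGE = 1907;
    const int ERROR_ACCOUNT_LOCKED_OUT = 1909;

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out IntPtr token);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr handle);

    // Validates the credentials only. A failed call still counts against the
    // domain lockout policy, so the caller should stop retrying on LockedOut.
    public static LogonResult Check(string user, string domain, string password, out int win32Error)
    {
        IntPtr token;
        if (LogonUser(user, domain, password, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, out token))
        {
            win32Error = 0;
            CloseHandle(token);   // no impersonation needed here, so release the token
            return LogonResult.Success;
        }
        win32Error = Marshal.GetLastWin32Error();   // must be read right after the failed call
        return Classify(win32Error);
    }

    public static LogonResult Classify(int win32Error)
    {
        switch (win32Error)
        {
            case ERROR_LOGON_FAILURE: return LogonResult.BadCredentials;
            case ERROR_ACCOUNT_LOCKED_OUT: return LogonResult.LockedOut;
            case ERROR_ACCOUNT_DISABLED: return LogonResult.Disabled;
            case ERROR_PASSWORD_EXPIRED: case ERROR_PASSWORD_MUST_CHANGE: return LogonResult.PasswordExpired;
            default: return LogonResult.Other;
        }
    }
}
```

Log the classified result and the raw error code on the server side, and show the user the same generic failure message for every non-success result so the login form does not reveal account state.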